IPv6 tunnel
This scenario details how to connect an IPv6 enabled site which has no native IPv6 internet service to connect to a remote IPv6 routing service to facilitate end to end IPv6 transport, thus avoiding the need for NAT64.
Hurricane Electirc (http://ipv6.he.net/) offers an excellent free service which allows for the use of global routable IPv6 address on your network through the use of its Tunnelbroker service (http://www.tunnelbroker.net/).
Once signed up you will allocated one /64 prefix to be used by your router and a single VLAN, but if you would like IPv6 on additional VLANs there is also a /46 prefix.
To make use of the IPv6 default route made available via the tunnel, OSPFv3 is used between the 1841 and ASA .
IP configurations
| Tunnel destination | 216.66.80.26 |
| Server IPv6 address | 2001:470:bbbb:aaaa::1/64 |
| Client IPv6 address | 2001:470:bbbb:aaaa::2/64 |
| Routed /48 | 2001:470:ffff::/46 |
| VLAN10 | 2001:470:ffff:aa10::/64 |
| VLAN30 | 2001:470:ffff:aa30::/64 |
1841 configuration
!
ipv6 unicast-routing
ipv6 cef
!
interface Tunnel1
description HE IPV6 Tunnel
no ip address
ipv6 address 2001:470:bbbb:aaaa::2/64
ipv6 enable
tunnel source FastEthernet0/0
tunnel destination 216.66.80.26
tunnel mode ipv6ip
!
interface FastEthernet0/0
ip address dhcp client-id FastEthernet0/0
duplex auto
speed auto
ipv6 address 2001:470:ffff:aaa1::1/64
ipv6 enable
ipv6 ospf 1 area 0
!
!
ipv6 route ::/0 Tunnel1
ipv6 router ospf 1
router-id 1.1.1.1
log-adjacency-changes
default-information originate always
redistribute connected
redistribute static
!
ASA Configuration
OSPFv3 which supports IPv6 addresses is only available on versions 9.x of the ASA firmware.
!
interface Vlan10
nameif outside
ipv6 address 2001:470:ffff:aaa1::2/64
ipv6 ospf cost 1
ipv6 ospf 1 area 0
!
interface Vlan30
nameif inside
security-level 100
ipv6 address 2001:470:ffff:aa30::1/64
ipv6 nd prefix 2001:470:ffff:aa30::/64
!
ipv6 router ospf 1
router-id 1.1.1.2
log-adjacency-changes
redistribute connected
!
Leave a Reply